I can't access http://localhost:28017 when enabled auth for mongod; it always pops up username/password even if I fill in correct username/password. I have enabled HTTP & REST in the initial parameter file.

The YAML format parameter file which I use:

net:

port: 27017

http:

enabled: true

RESTInterfaceEnabled: true

security:

authorization: enabled

But when I disable mongod authorization, I can login at http://localhost:28017 successfully with no need to fill in username/password.

What's the reason? Does it not support HTTP console under the authorization for 3.0? My version is 3.0.2.

网友答案:

First let me add the standard caveat - do not use the built in HTTP/REST interface in production, only for testing, it should be disabled on production systems.

On to the issue: MongoDB 3.0 now defaults to using SCRAM-SHA-1 for challenge response (username and password) based logins and I am assuming you created your users from scratch in 3.0 (if they were imported from 2.6 they would work unless you did a schema upgrade). The reason you are failing is that the HTTP/REST interface does not support using the new credential mechanism in 3.0 to log in, you have to use the old mechanism.

Basically, you need to have a user with the legacy MONGODB-CR credentials if you want to use the REST interface authenticated. Create the user you wish to use, then use the changeUserPassword command to switch to the MONGODB-CR mechanism. Something like the following: